
[NOTE: Click the “DOWNLOAD” button to your right to download the config files for this lab]

Video Transcript: Welcome to this CCDA Lab, where we will be discussing the access and distribution layer design options. In the first part of this lab, we will be looking at the first option where VLANs span access layer switches. In this scenario, STP and First Hop Redundancy Protocols like HSRP will play a huge role.

So the lab we have here is a typical LAN setup. You have two access switches, you have two distribution switches, and then you have your router, which is acting as the core layer, or something like that. And then we have VLAN10 and VLAN20. We have VLAN10 and VLAN20 on this access layer switch, and we also have VLAN10 and 20 on this access layer switch. So if you notice, we have four different hosts, PC VLAN10 that is the first one connected to this switch, and there’s another PC on VLAN10 on this switch. And then we have one PC on VLAN20 here and another PC on VLAN20 here.

So, let’s look at the interfaces, this is Fa0/1 to distribution switch one and it’s Fa0/2 to distribution switch two, it’s Fa0/3 to this guy and Fa0/4 to this guy. Now it’s also similar here, this is Fa0/1, this is Fa0/2, this is Fa0/3 and this is Fa0/4. And then this interface here is 1/0/24 going to the router and here is also 1/0/24. And connecting both distribution layer switches we have 1/0/1. And then, here is 1/0/3 to this guy, and this one is 1/0/2 to this guy.

So, let’s start with our access layer switches. So the first thing we want to do, let’s check our VLANs. So we have VLAN10 and we have VLAN20. Now let’s check our trunk links. So we’ve configured Fa0/1 and Fa0/2 and that’s the ones to the distribution layer switches. We’ve configured them as trunk links. And then if we check show interface status we can see Fa0/3 is on VLAN10 and Fa0/4 is on VLAN20. Okay. And then if we come here, this is the same thing, show VLAN brief. We have 10 and 20 and then show interface status, we have 0/3 and 0/4, 10 and 20. And then we can check trunk, so 0/1 and 0/2.

So that’s what we have in our setup. If we were to look at the running configuration, it’s very simple, actually, we are running Rapid per VLAN Spanning Tree, that’s the mode. And, there’s not much here, actually, there’s not much here.

So let’s go to the distribution layer switches. I’m just going to come to this one. Let’s do distribution switch one, and let’s check a couple of things. Actually the easiest thing to do would be to just check the running configuration. Because we have a couple of things here. So, like I said, the mode that we’re running Rapid per VLAN Spanning Tree.

Now, on VLAN 10, the priority we set it to 4096 and on VLAN20 we set it to 8192. Now the reason behind that is in this configure or in this particular lab setup, we want the distribution layer switch one to be active for VLAN10 while distribution switch two is active for VLAN20 so that we can have some sort of load-balancing. Okay.

All the interfaces here are trunk. The one connected to the router, we have no switchports on it, so this is a layer three interface. So all these other interfaces, all these other links they are layer 2. But this one going to the core layer is layer three. The distribution layer switches are going to take care of inter-VLAN routing, so we’ve created SVIs VLAN10 and VLAN20. Now for VLAN10, we want this guy to be active. So we’ve increased the priority to 110. The default priority for HSRP is 100. But for VLAN20 we’ve left it at the default because we want the distribution switch two to be active for that. And then we are running EIGRP, so we are running EIGRP with the router. And that’s basically all we have.

Now let’s check distribution switch two. Let me just increase this … You’ll notice it’s very similar, show run. The only thing is for VLAN 20 this guy has a higher priority, and for VLAN10 he has a lower priority than the distribution switch one. Both of them actually have higher priorities than the access switches, which are only at default. And then if we come here we’ll notice that for VLAN20, this guy has a higher priority, and for VLAN10 it’s default.

Now, the reason we did that is remember we said in a topology like this, where you have VLANs spanning across access layer switches, you need to make sure your STP root and your HSRP active router are the same thing. So if this guy is STP root for VLAN10, he should also be active for VLAN10, that’s HSRP. Now we’re going to see that.


So, let’s do a couple of things, show spanning-tree. Let’s check for VLAN10. For VLAN10, this guy, this bridge is the root. And then, all its links are in the forwarding state. Now, let’s compare that with its … so show standby brief … So, for VLAN10, let me just increase this … So for VLAN10, it’s active, right? So it’s HSRP active and it’s also the STP root for that particular VLAN. And then for VLAN20, show spanning-tree VLAN20, we see that it’s not the root, right? And then we can kind of get an idea what the root is, because the root port is gigabit 0/1, which is the one that goes to distribution switch two.

So let’s go to distribution switch two and check that. Show spanning-tree let’s check VLAN10. We know this is on bridge ID so it’s not the root. But for VLAN20, it’s the root. And if we check the show standby brief, we can see that it is active for VLAN20.

Now one thing you’ll notice is the configuration is a bit complex, because you have to make sure that things are synchronized. It’s a bit complex to make sure that everything is doing … Imagine if you had more than two VLANs that you wanted to do, how are you going to balance it between your distribution layer switches? Or are you just going to put everything on one distribution layer switch? And stuff like that. So, yeah, the configuration can be a bit complex, but once you get your hands around it, it’s actually pretty easy.

So, now if we come to the access layer switches, so if we come here, for example, and we do the show spanning-tree VLAN10, now this is where it gets pretty interesting. Now for VLAN10, even though he has two links to this guy, so he has distribution Fa0/1 to this guy and Fa0/2 to this guy, since this one is the STP root for VLAN10, this link will be in the forwarding state, but this link will be in the blocking state. So let’s check that. So you can see Fa0/1 is forwarding, but Fa0/2 is blocked. So that’s why, in this type of scenario, you are not maximizing your bandwidth, since one link for a particular VLAN in this case is always blocked.

Now let’s check for VLAN20. So for VLAN20, Fa0/1, that’s the one to distribution switch one, will be blocked. That’s this one, will be blocked. But Fa0/2 will be in the forwarding state. And then we can also confirm that the same thing is true for this guy. Show spanning-tree VLAN10. So for VLAN10, Fa0/2 is blocked, but Fa0/1 is forwarding and then for VLAN20, Fa0/1 is blocked and Fa0/2 is forwarding. So, in summary, you lose one of your links, at least for a particular VLAN. So that’s why it’s also good to use a per VLAN Spanning Tree instance. If you were using one instance for all your VLANs, then you have one link that is always blocked. So always use, as much as you can, use Rapid per VLAN Spanning Tree.

So now let’s check the effect of that. If I come to this PC, let me make sure that I even have communication between VLANs. So 100… no, 10.101. All right, so I’m pinging from this guy to this guy. Now let’s see if I can go to another VLAN, 20.101. So, the reply isn’t coming, that was probably up. All right, so there we go, so let’s ping it again. All right, so we have communication.

Now let’s ping 8.8, which is on this particular guy. So 8.8 is here and these guys know about him so if I do a show IP route, they know about it through EIGRP. So ping 8.8.8, as you can see I have communication with that guy.

Now one thing that we could actually do is to run this in simulated mode, so let’s simulate something. Only do ICMP, it would show you that only one link is actually being used. So if I come here and I ping 8.8, so as you can see it has generated an ICMP packet. Now if I go Capture/Forward, it comes to this guy. Now, even though this guy has two links, because this link is blocked for VLAN10, it would only send our packets out through this guy. So let’s see it happen. Ah-ha! Can you see that? Yeah? So he sends it out through this guy.

Now, if we were to reset the simulation and come for a PC on VLAN20 and do the same thing. So let’s ping 8.8.8. Now, if I go Capture/Forward, this one is trying to get the up, actually. Okay, so now it has come here it would send it out this link. So notice it didn’t send it out to this guy, because for VLAN20 this is blocked.

So those are some of the things that you need to keep in mind when you are spanning VLANs across access layer switches. Remember that all the links here are layer two, but this particular one is layer three. And you are going to lose one of your links, at least for a particular VLAN because of Spanning Tree. So as much as possible, if you can, avoid Spanning Tree.
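The alignment rule from the transcript (the STP root and the HSRP active router for a VLAN should be the same distribution switch) can be checked mechanically. The Python below is an added example, not part of the lab's config files: the config excerpts are constructed, the DSW2 priorities and the HSRP group numbers are assumed, and equal priorities are reported as a tie rather than resolved by MAC or IP address.

```python
import re

# Constructed excerpts. DSW1 priorities follow the transcript; DSW2 priorities
# and the HSRP group numbers are assumed for illustration.
CONFIGS = {
    "DSW1": """
spanning-tree vlan 10 priority 4096
spanning-tree vlan 20 priority 8192
interface Vlan10
 standby 10 priority 110
interface Vlan20
""",
    "DSW2": """
spanning-tree vlan 10 priority 8192
spanning-tree vlan 20 priority 4096
interface Vlan10
interface Vlan20
 standby 20 priority 110
""",
}

def parse(cfg):
    # Returns ({vlan: stp_priority}, {vlan: hsrp_priority}) for one switch.
    stp, hsrp, vlan = {}, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"spanning-tree vlan (\d+) priority (\d+)", line):
            stp[int(m[1])] = int(m[2])
        elif m := re.fullmatch(r"interface Vlan(\d+)", line):
            vlan = int(m[1])
            hsrp[vlan] = 100  # HSRP default priority when none is configured
        elif line.startswith("interface "):
            vlan = None       # left the SVI; ignore standby lines elsewhere
        elif vlan is not None and (m := re.fullmatch(r"standby \d+ priority (\d+)", line)):
            hsrp[vlan] = int(m[1])
    return stp, hsrp

def winner(prios, best):
    # Switch holding the best priority, or "tie" when it is shared.
    top = best(prios.values())
    names = [n for n, p in prios.items() if p == top]
    return names[0] if len(names) == 1 else "tie"

def check_alignment(configs):
    # Maps vlan -> (stp_root, hsrp_active, aligned).
    parsed = {name: parse(cfg) for name, cfg in configs.items()}
    report = {}
    for v in sorted({v for _, hsrp in parsed.values() for v in hsrp}):
        root = winner({n: p[0].get(v, 32768) for n, p in parsed.items()}, min)    # lowest wins
        active = winner({n: p[1].get(v, 100) for n, p in parsed.items()}, max)   # highest wins
        report[v] = (root, active, root == active and root != "tie")
    return report
```

Calling `check_alignment(CONFIGS)` returns one tuple per VLAN; any entry whose last field is `False` marks a VLAN where traffic would cross the inter-distribution link to reach its gateway.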

Adeolu Owokade is a technology lover who has always been intrigued by Security. He has multiple years of experience in the design, implementation and support of network and security technologies. He's a CCIE (Security) with a new found love in writing.

Great post sir, very informative. After a long time I read your post, please keep it up.
